Allow running the supervisor in the devenv using docker in docker.

2025-04-24 04:55:42 +00:00 · 2015-06-02 13:47:33 +01:00 · 2015-06-02 13:47:33 +01:00 · 6c2467cca8
commit 6c2467cca8
parent 4003bd4828
9 changed files with 140 additions and 7 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -7,3 +7,5 @@ Makefile
 .editorconfig
 coffeelint.json
 automation
+tools
+README.md
--- a/19
+++ b/19
@ -4,7 +4,7 @@ ARCH = rpi# rpi/x86_64/i386/armv7hf

 DEPLOY_REGISTRY = registry.resindev.io:5000/

-SUPERVISOR_VERSION = latest
+SUPERVISOR_VERSION = master

 all: supervisor 

@ -13,6 +13,16 @@ IMAGE = "resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)"
 clean:
 	-rm Dockerfile

+supervisor-dind:
+	cd tools/dind && docker build --no-cache=$(DISABLE_CACHE) -t resin/resin-supervisor-dind:$(SUPERVISOR_VERSION) .
+
+run-supervisor: supervisor-dind
+	-docker stop resin_supervisor_1 > /dev/null
+	-docker rm -f resin_supervisor_1 > /dev/null
+	cd tools/dind \
+	&& sed --in-place -e "s|SUPERVISOR_IMAGE=.*|SUPERVISOR_IMAGE=resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)|" config/env \
+	&& docker run -d --name resin_supervisor_1 --privileged -v $$(pwd)/config.json:/usr/src/app/config/config.json -v $$(pwd)/config/env:/usr/src/app/config/env -v /sys/fs/cgroup:/sys/fs/cgroup:ro resin/resin-supervisor-dind:$(SUPERVISOR_VERSION)
+
 supervisor:
 	cp Dockerfile.$(ARCH) Dockerfile
 	echo "ENV VERSION "`jq -r .version package.json` >> Dockerfile
@ -23,9 +33,4 @@ deploy: supervisor
 	docker tag -f $(IMAGE) $(DEPLOY_REGISTRY)$(IMAGE)
 	docker push $(DEPLOY_REGISTRY)$(IMAGE)

-run-supervisor-x86_64:
-	docker run --privileged -d -v /var/run/docker.sock:/run/docker.sock -v /boot/config.json:/boot/config.json -v /:/mnt/root -v /resin-data/resin-supervisor:/data -v /proc/net/fib_trie:/mnt/fib_trie -v /var/log/supervisor-log:/var/log -e API_ENDPOINT=https://staging.resin.io -e REGISTRY_ENDPOINT=registry.staging.resin.io -e PUBNUB_SUBSCRIBE_KEY=sub-c-bananas -e PUBNUB_PUBLISH_KEY=pub-c-bananas -e MIXPANEL_TOKEN=bananasbananas  resin/x86_64-supervisor /start
-run-supervisor-i386:
-	docker run --privileged -d -v /var/run/docker.sock:/run/docker.sock -v /boot/config.json:/boot/config.json -v /:/mnt/root -v /resin-data/resin-supervisor:/data -v /proc/net/fib_trie:/mnt/fib_trie -v /var/log/supervisor-log:/var/log -e API_ENDPOINT=https://staging.resin.io -e REGISTRY_ENDPOINT=registry.staging.resin.io -e PUBNUB_SUBSCRIBE_KEY=sub-c-bananas -e PUBNUB_PUBLISH_KEY=pub-c-bananas -e MIXPANEL_TOKEN=bananasbananas  resin/i386-supervisor /start
-
-.PHONY: supervisor deploy run-supervisor-x86_64 run-supervisor-i386
+.PHONY: supervisor deploy supervisor-dind run-supervisor
--- a/README.md
+++ b/README.md
@ -0,0 +1,20 @@
+# Running supervisor in the dev env
+
+## Set up config
+Edit `tools/dind/config.json` to contain the values for a staging config.json.
+
+## Start the supervisor instance
+```
+make ARCH=i386 run-supervisor
+```
+
+## View the containers logs
+```
+logs supervisor -f
+```
+
+## View the supervisor logs
+```
+enter supervisor
+tail /var/log/supervisor-log/resin_supervisor_stdout.log -f
+```
--- a/tools/dind/Dockerfile
+++ b/tools/dind/Dockerfile
@ -0,0 +1,19 @@
+FROM resin/resin-base
+
+VOLUME /var/lib/docker
+ENV DOCKER_VERSION 1.6.2
+
+# From get.docker.com script
+RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 \
+	&& echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list \
+	&& apt-get update && apt-get install lxc-docker-${DOCKER_VERSION} \
+	&& rm -rf /var/lib/apt/lists/*
+	
+RUN apt-get update && apt-get install jq \
+	&& rm -rf /var/lib/apt/lists/*
+
+COPY config/openvpn/ /etc/openvpn/
+COPY config/services/ /etc/systemd/system/
+COPY vpn-init /usr/src/app/
+
+RUN systemctl enable resin-supervisor-dind
--- a/tools/dind/config/openvpn/ca.crt
+++ b/tools/dind/config/openvpn/ca.crt
@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAPSxvaHnsjuiMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTMxMjEyMTQ0NzU2WhcNMjMxMjEwMTQ0NzU2WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDlMvQ2juZrzXRqWpX7t4FXXLl4G8ncNT1v2MmT3pp6uF4nkVGuR4YtW3bipCKa
+TXFvyhZuxE/7fJYGhafMWZs26kPt7vsmiTREEGC+BHqNQb0wImrLZOK2W97GduSe
+e8nZcWSC3Z8UCXRBH7Zks4zaFwhtcggvdJ/Pw9w12tNIzQIDAQABo1AwTjAdBgNV
+HQ4EFgQUU4WqX2fLx7gU2QpQvVH0nZNQsRYwHwYDVR0jBBgwFoAUU4WqX2fLx7gU
+2QpQvVH0nZNQsRYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYhTMd
+PsCCxHlqBjOuswP6PYOg5Mz5Aqg70ZZfhLjEWyoSEsrVJM4es+xrtHAItT28Axky
+RPN7rzLsd3GiH9a6WzaeNdpWdYMSi3+NrNbkOSvnNhGxu/QHb0LtmetxpD6SDFfP
+J11EnN34vWG1JBYHv5Sov+E993rRJvE4UEulZQ==
+-----END CERTIFICATE-----
--- a/tools/dind/config/openvpn/client.conf
+++ b/tools/dind/config/openvpn/client.conf
@ -0,0 +1,17 @@
+client
+remote vpn.staging.resin.io 443
+resolv-retry infinite
+
+remote-cert-tls server
+ca /etc/openvpn/ca.crt
+auth-user-pass /var/volatile/vpnfile
+auth-retry nointeract
+
+comp-lzo
+dev tun
+proto tcp
+nobind
+
+persist-key
+persist-tun
+verb 3
--- a/tools/dind/config/services/openvpn@client.service.d/uuid.conf
+++ b/tools/dind/config/services/openvpn@client.service.d/uuid.conf
@ -0,0 +1,6 @@
+[Service]
+WorkingDirectory=/usr/src/app
+EnvironmentFile=/usr/src/app/config/env
+ExecStartPre=/usr/src/app/vpn-init
+TimeoutStartSec=0
+Restart=always
--- a/tools/dind/config/services/resin-supervisor-dind.service
+++ b/tools/dind/config/services/resin-supervisor-dind.service
@ -0,0 +1,36 @@
+[Unit]
+Description=resin-supervisor-dind
+Requires=confd.service docker.service openvpn@client.service
+After=confd.service
+Before=openvpn@client.service
+
+[Service]
+WorkingDirectory=/usr/src/app
+EnvironmentFile=/usr/src/app/config/env
+ExecStartPre=/usr/bin/docker pull ${SUPERVISOR_IMAGE}
+ExecStartPre=-/usr/bin/docker kill resin_supervisor
+ExecStartPre=-/usr/bin/docker rm resin_supervisor
+ExecStartPre=-/bin/touch /etc/resolv.conf
+ExecStart=/usr/bin/docker run --rm --privileged --name resin_supervisor \
+	--net=host \
+	-v /var/run/docker.sock:/run/docker.sock \
+	-v "${CONFIG_PATH}:/boot/config.json" \
+	-v /resin-data/resin-supervisor:/data \
+	-v /proc/net/fib_trie:/mnt/fib_trie \
+	-v /var/log/supervisor-log:/var/log \
+	-v /:/mnt/root \
+	-v /etc/resolv.conf:/etc/resolv.conf:ro \
+	-e "API_ENDPOINT=${API_ENDPOINT}" \
+	-e "REGISTRY_ENDPOINT=${REGISTRY_ENDPOINT}" \
+	-e "PUBNUB_SUBSCRIBE_KEY=${PUBNUB_SUBSCRIBE_KEY}" \
+	-e "PUBNUB_PUBLISH_KEY=${PUBNUB_PUBLISH_KEY}" \
+	-e "MIXPANEL_TOKEN=${MIXPANEL_TOKEN}" \
+	-e "LED_FILE=${LED_FILE}" \
+	-e "LISTEN_PORT=${LISTEN_PORT}" \
+	-e "SUPERVISOR_IMAGE=${SUPERVISOR_IMAGE}" \
+	${SUPERVISOR_IMAGE}
+TimeoutStartSec=0
+Restart=always
+
+[Install]
+WantedBy=basic.target
--- a/tools/dind/vpn-init
+++ b/tools/dind/vpn-init
@ -0,0 +1,13 @@
+#!/bin/bash
+while true; do
+	if [ `jq ".uuid | length" $CONFIG_PATH` -eq 0 ]; then
+		echo "UUID missing from config file, VPN cannot connect"
+		sleep 2
+	else
+		read uuid api_key <<<$(jq -r '.uuid,.apiKey' $CONFIG_PATH)
+		mkdir -p /var/volatile/
+		echo $uuid > /var/volatile/vpnfile
+		echo $api_key >> /var/volatile/vpnfile
+		break
+	fi
+done